As of this morning, I am officially a Microsoft Certified IT Professional: Enterprise Administrator, which is much less impressive than it sounds. It’s basically just the 2008/2008 R2 equivalent of the MCSE, but I guess Microsoft got bored of people referring to it as “Must Consult Somebody Else” and so decided to change the name.

Why so late to the party? Well under normal circumstances I wouldn’t go out of my way to get Microsoft qualifications, but my current employer offered to pay for the exams so it seemed silly not to and I actually learned some stuff about NAP that I didn’t already know (And some stuff about RRAS that I didn’t want to).

Issue
A potential vulnerability has been found in Safeguard Enterprise 5.x and SafeGuard Easy 5.5x and Sophos Disk Encryption v 5.5x that could allow an informed attacker, under specific circumstances, to reuse outdated or invalidated credentials for locally accessing an endpoint computer.

This affects all versions of Safeguard Enterprise that I’m aware of, though patches are only available back to 5.35.0 so if you’re still running 5.30.x or (God help you) 5.21, then you’re out of luck unless you upgrade. As it is apparently difficult to identify machines that may be vulnerable, Sophos are recommending that you update all of your endpoints ASAP to be on the safe side.

Fast Initial Encryption
A new, optimized handling of initial encryption using full-disk encryption is now available which typically leads to a significantly reduced duration of the initial encryption process. By limiting the initial encryption to hard disk space that is actually ‘used’ and not all the available physical disk space, the performance gain can be dramatic, of course depending on the percentage of used disk space. This new operation mode can be controlled along with the other encryption policy settings and is deactivated by default.

Improved Encryption PerformanceA new, improved and optimized implementation of the AES256 encryption algorithm provides better run-time performance when accessing encrypted data. Since the very same encryption module is used for full-disk as well as file-based encryption both modules (DE and DX) benefit from the improvements and yield better performance figures.

Users with active support contracts can download the release from www.myutimaco.com (Maybe one day they’ll get around to integrating it into the Sophos site properly).